program: syz_emit_ethernet(0x7c, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x46, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x6, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430"}]}}}}}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x13d}) syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="80000000080211000001080211000000aa09b799c0d70000000000000000000064000110000602020202020201010b04060200005ba10972060303030303037107"], 0xb5) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='00'], 0x30}, 0x1, 0x0, 0x0, 0x18004}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000800000001a000000280022800414008004000080040000808341f1680200008014000080040000800400008004000080060021"], 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="800000"], 0x44) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) [ 74.699896][ T48] Bluetooth: hci0: command tx timeout [ 74.736660][ T5325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.771144][ T5325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.788068][ T5325] wlan1: No basic rates, using min rate instead [ 74.791063][ T5325] ------------[ cut here ]------------ [ 74.793279][ T5325] WARNING: CPU: 0 PID: 5325 at net/mac80211/mlme.c:1012 ieee80211_prep_channel+0x389b/0x5120 [ 74.797128][ T5325] Modules linked in: [ 74.798812][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0 [ 74.802796][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.806933][ T5325] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 74.809433][ T5325] Code: c6 05 05 8f 87 04 01 48 c7 c7 f7 69 29 8d be 78 03 00 00 48 c7 c2 e0 6a 29 8d e8 e0 3d 1d f6 e9 7e ca ff ff e8 56 70 41 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 78 7a 9c f6 48 c7 44 24 30 ea ff ff ff [ 74.816610][ T5325] RSP: 0018:ffffc9000d48e540 EFLAGS: 00010283 [ 74.819346][ T5325] RAX: ffffffff8b7e07da RBX: 0000000000000000 RCX: 0000000000100000 [ 74.822756][ T5325] RDX: ffffc9000f03a000 RSI: 000000000000091e RDI: 000000000000091f [ 74.825848][ T5325] RBP: ffffc9000d48e890 R08: ffffffff8b7ddcf9 R09: ffffffff8b5094f9 [ 74.829302][ T5325] R10: 000000000000000e R11: ffff888000aaa440 R12: dffffc0000000000 [ 74.832441][ T5325] R13: ffff888043dc6758 R14: ffffc9000d48e750 R15: ffffc9000d48e790 [ 74.835326][ T5325] FS: 00007f6d762556c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.838323][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.840444][ T5325] CR2: 00007f6d75372ac0 CR3: 0000000036080000 CR4: 0000000000352ef0 [ 74.843124][ T5325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.845815][ T5325] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.848408][ T5325] Call Trace: [ 74.849398][ T5325] [ 74.850260][ T5325] ? __warn+0x165/0x4d0 [ 74.851651][ T5325] ? ieee80211_prep_channel+0x389b/0x5120 [ 74.853544][ T5325] ? report_bug+0x2b3/0x500 [ 74.855226][ T5325] ? ieee80211_prep_channel+0x389b/0x5120 [ 74.857618][ T5325] ? handle_bug+0x60/0x90 [ 74.859233][ T5325] ? exc_invalid_op+0x1a/0x50 [ 74.860986][ T5325] ? asm_exc_invalid_op+0x1a/0x20 [ 74.862748][ T5325] ? cfg80211_get_end_freq+0x79/0x1d0 [ 74.864613][ T5325] ? ieee80211_prep_channel+0xdb9/0x5120 [ 74.866705][ T5325] ? ieee80211_prep_channel+0x389a/0x5120 [ 74.868895][ T5325] ? ieee80211_prep_channel+0x389b/0x5120 [ 74.870984][ T5325] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 74.873169][ T5325] ? ieee80211_prep_channel+0x20a/0x5120 [ 74.875375][ T5325] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 74.877940][ T5325] ? rcu_is_watching+0x15/0xb0 [ 74.879804][ T5325] ? __pfx_lock_release+0x10/0x10 [ 74.881708][ T5325] ieee80211_prep_connection+0xda1/0x1310 [ 74.883810][ T5325] ieee80211_mgd_auth+0xcec/0x1480 [ 74.885796][ T5325] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 74.888028][ T5325] ? rcu_is_watching+0x15/0xb0 [ 74.889841][ T5325] cfg80211_mlme_auth+0x59f/0x970 [ 74.891680][ T5325] cfg80211_conn_do_work+0x601/0xeb0 [ 74.893567][ T5325] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 74.895808][ T5325] ? trace_cfg80211_return_bss+0x87/0x210 [ 74.898068][ T5325] ? __cfg80211_get_bss+0x949/0xb10 [ 74.899871][ T5325] ? cfg80211_connect+0x13fd/0x1d10 [ 74.901810][ T5325] cfg80211_connect+0x1486/0x1d10 [ 74.903669][ T5325] ? __pfx_cfg80211_connect+0x10/0x10 [ 74.905694][ T5325] ? __asan_memset+0x23/0x50 [ 74.907480][ T5325] ? nl80211_crypto_settings+0xb4d/0xe90 [ 74.909492][ T5325] nl80211_connect+0x188f/0x1fe0 [ 74.911305][ T5325] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 74.913479][ T5325] ? __pfx_nl80211_connect+0x10/0x10 [ 74.915412][ T5325] ? trace_contention_end+0x3c/0x120 [ 74.917525][ T5325] genl_rcv_msg+0xb14/0xec0 [ 74.919238][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.921087][ T5325] ? __pfx_lock_acquire+0x10/0x10 [ 74.922885][ T5325] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.925063][ T5325] ? __pfx_nl80211_connect+0x10/0x10 [ 74.927156][ T5325] ? __pfx_nl80211_post_doit+0x10/0x10 [ 74.929414][ T5325] ? __pfx___might_resched+0x10/0x10 [ 74.931388][ T5325] netlink_rcv_skb+0x1e3/0x430 [ 74.933209][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.935095][ T5325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.937089][ T5325] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 74.939259][ T5325] genl_rcv+0x28/0x40 [ 74.940790][ T5325] netlink_unicast+0x7f6/0x990 [ 74.942705][ T5325] ? __pfx_netlink_unicast+0x10/0x10 [ 74.944720][ T5325] ? __virt_addr_valid+0x45f/0x530 [ 74.946629][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 74.948602][ T5325] ? __check_object_size+0x47a/0x730 [ 74.950487][ T5325] netlink_sendmsg+0x8e4/0xcb0 [ 74.952258][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.954252][ T5325] ? aa_sock_msg_perm+0x91/0x160 [ 74.956160][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.958406][ T5325] __sock_sendmsg+0x221/0x270 [ 74.960203][ T5325] ____sys_sendmsg+0x52a/0x7e0 [ 74.962068][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.964125][ T5325] ? __fget_files+0x2a/0x410 [ 74.966069][ T5325] ? __fget_files+0x2a/0x410 [ 74.967941][ T5325] __sys_sendmsg+0x269/0x350 [ 74.969696][ T5325] ? __pfx___sys_sendmsg+0x10/0x10 [ 74.971570][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.974013][ T5325] ? do_syscall_64+0x100/0x230 [ 74.975823][ T5325] ? do_syscall_64+0xb6/0x230 [ 74.977753][ T5325] do_syscall_64+0xf3/0x230 [ 74.979412][ T5325] ? clear_bhb_loop+0x35/0x90 [ 74.981171][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.983335][ T5325] RIP: 0033:0x7f6d7538cd29 [ 74.985145][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.992365][ T5325] RSP: 002b:00007f6d76255038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.995635][ T5325] RAX: ffffffffffffffda RBX: 00007f6d755a5fa0 RCX: 00007f6d7538cd29 [ 74.998711][ T5325] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 75.001650][ T5325] RBP: 00007f6d7540e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 75.004790][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.008133][ T5325] R13: 0000000000000000 R14: 00007f6d755a5fa0 R15: 00007ffd2ca3cba8 [ 75.011043][ T5325] [ 75.012200][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.014983][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0 [ 75.018601][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.022393][ T5325] Call Trace: [ 75.023473][ T5325] [ 75.024591][ T5325] dump_stack_lvl+0x241/0x360 [ 75.026370][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.028382][ T5325] ? __pfx__printk+0x10/0x10 [ 75.030142][ T5325] ? _printk+0xd5/0x120 [ 75.031632][ T5325] ? __init_begin+0x41000/0x41000 [ 75.033384][ T5325] ? vscnprintf+0x5d/0x90 [ 75.034973][ T5325] panic+0x349/0x880 [ 75.036369][ T5325] ? __warn+0x174/0x4d0 [ 75.037803][ T5325] ? __pfx_panic+0x10/0x10 [ 75.039381][ T5325] __warn+0x344/0x4d0 [ 75.040794][ T5325] ? ieee80211_prep_channel+0x389b/0x5120 [ 75.042784][ T5325] report_bug+0x2b3/0x500 [ 75.044275][ T5325] ? ieee80211_prep_channel+0x389b/0x5120 [ 75.046250][ T5325] handle_bug+0x60/0x90 [ 75.047727][ T5325] exc_invalid_op+0x1a/0x50 [ 75.049379][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 75.051165][ T5325] RIP: 0010:ieee80211_prep_channel+0x389b/0x5120 [ 75.053373][ T5325] Code: c6 05 05 8f 87 04 01 48 c7 c7 f7 69 29 8d be 78 03 00 00 48 c7 c2 e0 6a 29 8d e8 e0 3d 1d f6 e9 7e ca ff ff e8 56 70 41 f6 90 <0f> 0b 90 48 8b 7c 24 30 e8 78 7a 9c f6 48 c7 44 24 30 ea ff ff ff [ 75.060409][ T5325] RSP: 0018:ffffc9000d48e540 EFLAGS: 00010283 [ 75.062697][ T5325] RAX: ffffffff8b7e07da RBX: 0000000000000000 RCX: 0000000000100000 [ 75.065660][ T5325] RDX: ffffc9000f03a000 RSI: 000000000000091e RDI: 000000000000091f [ 75.068544][ T5325] RBP: ffffc9000d48e890 R08: ffffffff8b7ddcf9 R09: ffffffff8b5094f9 [ 75.071494][ T5325] R10: 000000000000000e R11: ffff888000aaa440 R12: dffffc0000000000 [ 75.074503][ T5325] R13: ffff888043dc6758 R14: ffffc9000d48e750 R15: ffffc9000d48e790 [ 75.077607][ T5325] ? cfg80211_get_end_freq+0x79/0x1d0 [ 75.079669][ T5325] ? ieee80211_prep_channel+0xdb9/0x5120 [ 75.081736][ T5325] ? ieee80211_prep_channel+0x389a/0x5120 [ 75.083953][ T5325] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 75.086171][ T5325] ? ieee80211_prep_channel+0x20a/0x5120 [ 75.088209][ T5325] ? __pfx_ieee80211_prep_channel+0x10/0x10 [ 75.090374][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.092191][ T5325] ? __pfx_lock_release+0x10/0x10 [ 75.094152][ T5325] ieee80211_prep_connection+0xda1/0x1310 [ 75.096317][ T5325] ieee80211_mgd_auth+0xcec/0x1480 [ 75.098300][ T5325] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [ 75.100321][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.102123][ T5325] cfg80211_mlme_auth+0x59f/0x970 [ 75.103966][ T5325] cfg80211_conn_do_work+0x601/0xeb0 [ 75.105947][ T5325] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [ 75.108149][ T5325] ? trace_cfg80211_return_bss+0x87/0x210 [ 75.110291][ T5325] ? __cfg80211_get_bss+0x949/0xb10 [ 75.112235][ T5325] ? cfg80211_connect+0x13fd/0x1d10 [ 75.114215][ T5325] cfg80211_connect+0x1486/0x1d10 [ 75.116181][ T5325] ? __pfx_cfg80211_connect+0x10/0x10 [ 75.118258][ T5325] ? __asan_memset+0x23/0x50 [ 75.120032][ T5325] ? nl80211_crypto_settings+0xb4d/0xe90 [ 75.122123][ T5325] nl80211_connect+0x188f/0x1fe0 [ 75.123967][ T5325] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 75.126271][ T5325] ? __pfx_nl80211_connect+0x10/0x10 [ 75.128336][ T5325] ? trace_contention_end+0x3c/0x120 [ 75.130375][ T5325] genl_rcv_msg+0xb14/0xec0 [ 75.132073][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.133994][ T5325] ? __pfx_lock_acquire+0x10/0x10 [ 75.135995][ T5325] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.138101][ T5325] ? __pfx_nl80211_connect+0x10/0x10 [ 75.140097][ T5325] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.142185][ T5325] ? __pfx___might_resched+0x10/0x10 [ 75.144225][ T5325] netlink_rcv_skb+0x1e3/0x430 [ 75.146115][ T5325] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.148018][ T5325] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.150000][ T5325] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 75.152004][ T5325] genl_rcv+0x28/0x40 [ 75.153501][ T5325] netlink_unicast+0x7f6/0x990 [ 75.155330][ T5325] ? __pfx_netlink_unicast+0x10/0x10 [ 75.157336][ T5325] ? __virt_addr_valid+0x45f/0x530 [ 75.159307][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 75.161264][ T5325] ? __check_object_size+0x47a/0x730 [ 75.163252][ T5325] netlink_sendmsg+0x8e4/0xcb0 [ 75.165136][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.167127][ T5325] ? aa_sock_msg_perm+0x91/0x160 [ 75.168987][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.170953][ T5325] __sock_sendmsg+0x221/0x270 [ 75.172749][ T5325] ____sys_sendmsg+0x52a/0x7e0 [ 75.174660][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.176694][ T5325] ? __fget_files+0x2a/0x410 [ 75.178480][ T5325] ? __fget_files+0x2a/0x410 [ 75.180266][ T5325] __sys_sendmsg+0x269/0x350 [ 75.182022][ T5325] ? __pfx___sys_sendmsg+0x10/0x10 [ 75.183992][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 75.186510][ T5325] ? do_syscall_64+0x100/0x230 [ 75.188329][ T5325] ? do_syscall_64+0xb6/0x230 [ 75.190103][ T5325] do_syscall_64+0xf3/0x230 [ 75.191781][ T5325] ? clear_bhb_loop+0x35/0x90 [ 75.193559][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.195810][ T5325] RIP: 0033:0x7f6d7538cd29 [ 75.197456][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.204584][ T5325] RSP: 002b:00007f6d76255038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.207689][ T5325] RAX: ffffffffffffffda RBX: 00007f6d755a5fa0 RCX: 00007f6d7538cd29 [ 75.210666][ T5325] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 75.213615][ T5325] RBP: 00007f6d7540e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 75.216575][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.219539][ T5325] R13: 0000000000000000 R14: 00007f6d755a5fa0 R15: 00007ffd2ca3cba8 [ 75.222533][ T5325] [ 75.223975][ T5325] Kernel Offset: disabled [ 75.225646][ T5325] Rebooting in 86400 seconds..